Secure data transactions

ABSTRACT

A data exchange agreement between a first user and a second user is written, by a data exchange platform, into a block chain. The data exchange agreement is associated with first data. A first key is received, by the data exchange platform and from a first device associated with the first user. The first key is used for decrypting encrypted first data. The received first key is transmitted by the data exchange platform to a second device associated with the second user.

CROSS REFERENCE TO RELATED APPLICATIONS

This application claims priority to Chinese Application No.201710102824.3, filed on Feb. 24, 2017, which is incorporated byreference is its entirety.

BACKGROUND

Data owned by a user has certain value. Normally, when the user performsa data transaction (such as, exchanging data with another user to obtaineach desired data), the exchanged data are transmitted through a dataexchange platform.

SUMMARY

The present disclosure describes secure data transactions.

In an implementation, a data exchange agreement between a first user anda second user is written, by a data exchange platform, into a blockchain. The data exchange agreement is associated with first data. Afirst key is received, by the data exchange platform and from a firstdevice associated with the first user. The first key is used fordecrypting encrypted first data. The received first key is transmittedby the data exchange platform to a second device associated with thesecond user.

Implementations of the described subject matter, including thepreviously described implementation, can be implemented using acomputer-implemented method; a non-transitory, computer-readable mediumstoring computer-readable instructions to perform thecomputer-implemented method; and a computer-implemented systemcomprising one or more computer memory devices interoperably coupledwith one or more computers and having tangible, non-transitory,machine-readable media storing instructions that, when executed by theone or more computers, perform the computer-implemented method/thecomputer-readable instructions stored on the non-transitory,computer-readable medium.

The subject matter described in this specification can be implemented inparticular implementations, so as to realize one or more of thefollowing advantages. First, the described approach can be used toenable data transactions. For example, in a data exchange process, adata exchange platform writes a data exchange agreement between a firstuser and a second user into a block chain, and stores the data exchangeagreement. The data exchange platform then receives a first key from afirst device associated with the first user. The first key is used fordecrypting encrypted first data. The first device transmits theencrypted first data to a second device associated with the second user.The data exchange platform transmits the first key to the second device,and the second device decrypts the encrypted first data based on thefirst key to obtain the first data. Second, the described approach canprovide secure data transactions. The data exchange platform keeps clearof the exchanged first data in the data exchange process. As a result,the described approach can avoid the risk that the first data can beused by the data exchange platform for other purposes, and enhance thedata security in the data exchange process. Other advantages will beapparent to those of ordinary skill in the art.

The details of one or more implementations of the subject matter of thisspecification are set forth in the Detailed Description, the Claims, andthe accompanying drawings. Other features, aspects, and advantages ofthe subject matter will become apparent to those of ordinary skill inthe art from the Detailed Description, the Claims, and the accompanyingdrawings.

DESCRIPTION OF DRAWINGS

FIG. 1 is a flowchart illustrating an example of a computer-implementedmethod for secure data transactions, according to an implementation ofthe present disclosure.

FIG. 2 is a block diagram illustrating an example of a networkingenvironment for secure data transactions, according to an implementationof the present disclosure.

FIG. 3 is a swim diagram illustrating an example of acomputer-implemented method for secure data transactions, according toan implementation of the present disclosure.

FIG. 4 is a block diagram illustrating an example of a data exchangeplatform, according to an implementation of the present disclosure.

FIG. 5 is a flowchart illustrating another example of acomputer-implemented method for secure data transactions, according toan implementation of the present disclosure.

FIG. 6 is a block diagram illustrating an example of acomputer-implemented system used to provide computationalfunctionalities associated with described algorithms, methods,functions, processes, flows, and procedures, according to animplementation of the present disclosure.

Like reference numbers and designations in the various drawings indicatelike elements.

DETAILED DESCRIPTION

The following detailed description describes secure data transactions,and is presented to enable any person skilled in the art to make and usethe disclosed subject matter in the context of one or more particularimplementations. Various modifications, alterations, and permutations ofthe disclosed implementations can be made and will be readily apparentto those of ordinary skill in the art, and the general principlesdefined can be applied to other implementations and applications,without departing from the scope of the present disclosure. In someinstances, one or more technical details that are unnecessary to obtainan understanding of the described subject matter and that are within theskill of one of ordinary skill in the art may be omitted so as to notobscure one or more described implementations. The present disclosure isnot intended to be limited to the described or illustratedimplementations, but to be accorded the widest scope consistent with thedescribed principles and features.

The development of information technology has brought great convenienceto people's work and life. In the field of information technology,information is stored and transmitted by using data as a carrier, anddata can be stored in a binary form in a storage medium of a computingdevice. In some implementations, the data can be text, symbolic, video,audio, or in any other form that can be identified by the computingdevice.

Data, as a carrier of information, usually has certain value. Especiallyin an age of big data, big data has great value for the government andenterprises to carry out various types of work or activities.Information extracted from the big data can help the government andenterprises to make better decisions. For example, large socialnetworking sites usually accumulate a large amount of user data, whichnot only records personal identity information of users, but alsoreflects the users' personal hobbies, living habits, personalrelationships, and other user-associated information. The informationcontained in the accumulated user data has great value for carrying outsubsequent business development, such as, helping marketing companies topush advertisements precisely to users.

Data holders can exchange data with each other to obtain each desireddata in order to make full use of data owned by each. To make itconvenient for data consumers to find useful data for themselves, bothparties of a data exchange process can exchange data through a dataexchange platform.

However, because data is replicable, the ownership of data is not asclear as that of a real object. When a real object is transferred fromparty A to party B, party A loses the ownership of the real object. Whendata is transferred from one party to another passing through a thirdparty in a data transfer process, the third party can copy the data,thereby owning the data. This can damage the interests of both otherparties in the data exchange process.

The data exchange platform can play not only a role of matching twoparties of a data exchange process, but also a role of a guarantor, thatis, guaranteeing the interests of both parties in the data exchangeprocess. In order to prevent the situation that, after one party of adata exchange process sends its data to the other party, the other partydoes not send its own data to the one party, the data exchange platformcan first acquire the exchanged data from both parties of the dataexchange process, and then separately send data to both parties of thedata exchange process. In doing so, the data exchange platform canprevent either party from reneging on a promise. Thus, it is possiblethat the data exchange platform itself can use the exchanged data forother purposes, thereby causing damages to the interests of both partiesin the data exchange process, and decreasing data security of the dataexchange process. To solve this problem, the instant disclosuredescribes a secure data transaction method. The data transaction methodprovided in the instant disclosure can be executed by a data exchangeplatform, and the data exchange platform can be software, hardware, or acombination of both for implementing this method.

Hereinafter, the technical solution provided in each implementation ofthe instant disclosure is described in detail with reference to theaccompanying drawings.

Implementation 1

In order to solve the low data security problem in the existing dataexchange process, Implementation 1 of the instant disclosure describes adata transaction method. In this implementation of the instantdisclosure, for ease of description, both parties of a data exchange arereferred to as a first user and a second user. The first user and thesecond user may be any organization or individual. The first user andthe second user herein are used for distinguishing both parties of adata transaction, and should not be understood as a limitation to bothparties of the data transaction in the instant disclosure.

Both parties can execute some operations of a data exchange process byusing user devices. For ease of description, a user device correspondingto one or more operations executed by the first user is referred to as afirst device, and a user device corresponding to one or more operationsexecuted by the second user is referred to as a second device. It shouldbe noted that, in particular data exchange processes, a same user canuse a single device or different devices. That is, the first device andthe second device mentioned in each process in an implementation of theinstant disclosure can be different devices. The device can be, forexample, a personal computer, a server, a mobile terminal, or othercomputing device, the type of which is not limited in the instantdisclosure.

In a data exchange process, both parties of the data exchange processusually concur to a data exchange agreement before exchanging data. Thedata exchange agreement refers to an agreement on details of the dataexchange process between both parties of the data exchange processbefore data is exchanged. The data exchange agreement includesprovisions stipulated by both parties of the data exchange process inorder to determine their respective rights and obligations, and theprovisions are abided by both parties.

To reach a data exchange agreement, a first user, through a firstdevice, can publish data information on a data exchange platform. Afterreceiving the data information from the first device, the data exchangeplatform can then publish the data information. Thus, a second user, whois interested in the data information, can place an order for the datainformation on the data exchange platform through a second device, afterdiscovering the data information on the data exchange platform. The dataexchange platform receives the order for the published data informationfrom the second device, and sends the order to the first device. Afterthe first device confirms the order, the data exchange platform receivesconfirmation information for the order sent by the first device, therebyachieving the data exchange agreement.

The previous description briefly describes a process of achieving anagreement. In real applications, both parties of a data exchange processcan decide details of the agreement through multiple negotiations. Thedata exchange agreement can include identity information of both partiesof the data exchange process, characteristic information of theexchanged data, data usage specifications abided by both parties, andpunishment, abided by both parties, for violating the agreement, andother information. In this way, after receiving data, a receiver cantake corresponding measures, based on the agreement, if the receiveddata does not conform to the description in the agreement.

In the agreement, the characteristic information of the exchanged datacan include at least one of the following: a message digest forverifying integrity of the data, and baseline information forsummarizing specific content of the data. For first data, thecharacteristic information of the first data includes at least one ofthe following: a message digest for verifying integrity of the firstdata, and baseline information for summarizing specific content of thefirst data.

The message digest is a fixed-length value, uniquely corresponding to amessage or document, determined based on a one-way hash algorithm. Thus,when the data to be exchanged is modified, the message digest of thedata can also change. Commonly used one-way hash algorithms include: aMessage Digest Algorithm 5 (MD5), a Secure Hash Algorithm (SHA), aMessage Authentication Code (MAC), and so on.

Based on the message digest of the first data contained in theagreement, after receiving the encrypted data, the second user can carryout integrity check on the encrypted data to determine whether thereceived data has been modified. Meanwhile, an integrity check value canbe a reference in future disputes between both parties of the dataexchange process.

The baseline information for summarizing specific content of the firstdata can be, for example, the type of data that should be included inthe first data, or some specific conditions that the data in the firstdata should satisfy, or effects that can be achieved when applying thedata in the first data, and so on. Based on the information, the seconddevice can verify the specific content of the first data, thuspreventing the second user from being deceived, and avoiding losses toits own interests.

The disclosure describes a process of achieving a data exchangeagreement by both parties of a data exchange process before sendingdata. A process of sending data by both parties of the data exchangeprocess in the instant disclosure, that is, a secure data transactionmethod is also described in the instant disclosure. A schematicflowchart for implementing the secure data transaction method is shownin FIG. 1.

FIG. 1 is a flowchart illustrating an example of a computer-implementedmethod 100 for secure data transactions. For clarity of presentation,the description that follows generally describes method 100 in thecontext of the other figures in this description. However, it will beunderstood that method 100 can be performed, for example, by any system,environment, software, and hardware, or a combination of systems,environments, software, and hardware, as appropriate. In someimplementations, various steps of method 100 can be run in parallel, incombination, in loops, or in any order.

At 110, a data exchange platform uses block chain technology and writesa data exchange agreement between a first user and a second user into ablock chain and stores the agreement. In another implementation, anagreement can be stored in a storage medium of a computing device in theform of data.

Data stored in a storage medium can have a risk of being modified. Inorder to prevent both parties of a data exchange process from modifyingthe agreement without authorization, and to enhance the security of theagreement data, the data exchange platform can be used as a third partyto save the agreement.

However, if the agreement is saved by the data exchange platform, it ispossible that the data exchange platform can modify the agreement. Forexample, if the data exchange platform colludes with one party of thedata exchange process to modify the agreement, the interests of theother party will be damaged. In order to further enhance the security ofthe agreement data, and to enhance the credibility of the data exchangeplatform, the previously mentioned block chain technology can be usedfor storing the data exchange agreement between the first user and thesecond user.

The block chain technology is a decentralized, detrusted, tamper-proof,distributed data storage technology. A data structure stored by usingthe block chain technology is a chained data structure. Data in thechained data structure can be changed only in an incremental manner.Data already recorded will keep the initial state, and will not becovered (for example, re-written).

Meanwhile, the block chain follows a consensus mechanism when recordingdata. When a node records data, the recorded data can be recorded ineach node of the block chain only after obtaining the consensus of mostnodes in the block chain. This greatly reduces the possibility that thestored data is illegal data, thus greatly reducing the possibility ofthe agreement being tampered with.

The consensus mechanism used in the block chain technology can be, forexample, a proof-of-work mechanism, a proof-of-stake mechanism, adelegated proof-of-stake mechanism, a verification pool mechanism, andso on. To modify existing data in the block chain, the only option is toreplace the original data by forging a side chain. The tampering costsare huge in terms of technical difficulty, time consumption, and laboruse. It is almost impossible to accomplish this under the consensusmechanism of the block chain.

It can be concluded through the previously described analysis that theimplementation of the instant disclosure that stores a data exchangeagreement by using a block chain technology, can effectively avoid thepossibility of the agreement being tampered with, and hence greatlyenhance the security of the data exchange agreement. From 110, method100 proceeds to 120.

At 120, the data exchange platform receives a first key sent by a firstdevice. The first key is used for decrypting encrypted first data.

The first data mentioned here is data that the first user expects tosend to the second user. Thus, the first user here is a sender of thefirst data, and the second user is a receiver of the first data. Itshould be apparent to those of ordinary skill in the art that sending ofdata between users, in actual operation, can be by a user using a deviceto send data to a device of another user.

In order to prevent data from being stolen by a third party, the firstdata can be encrypted, and then sent to the second device. Incryptography, encryption is used to hide real information, so that thereal information is not readable without a decryption key, therebyenhancing the security in data transmission.

Even if the data is encrypted before transmitted through the dataexchange platform, it is still possible that the data exchange platformcan use the encrypted first data for other purposes. For example, thedata can be cracked by the data exchange platform. Alternatively, theencrypted first data can be sent by the first device directly to thesecond device, and the data exchange platform keeps clear of theexchanged data. In doing so, the security in data transmission can befurther enhanced.

The data can be encrypted by the first device using a variety ofencryption methods. For example, the first data can be encrypted byusing a symmetric encryption algorithm. In this case, the first key hereis a key used to encrypt the first data. In this way, the data exchangeplatform determines a key for decrypting the encrypted first data basedon receiving the key that is sent by the first device and used forencrypting the first data. Or, the first device can also encrypt thefirst data by using an asymmetric encryption algorithm, and encrypt thefirst data with a public key sent by the data exchange platform. In thisway, the data exchange platform only needs to determine a private keyfor decrypting the encrypted data.

In order to restrict both parties of a data exchange process, it ispreferred that the first key is sent by the data exchange platform atthe right time, instead of being directly sent by the first device tothe second device. That is, after the first device encrypts the firstdata by using a symmetric encryption algorithm, the first key used inthe encryption can be sent by the first device to the data exchangeplatform. After receiving the first key sent by the first device, thedata exchange platform can send the first key to the second device. From120, method 100 proceeds to 130.

At 130, the data exchange platform sends the first key to a seconddevice.

In this way, after receiving the encrypted first data sent by the firstdevice, the second device can decrypt the received encrypted first databased on the first key to obtain the first data. The second device is adevice corresponding to the second user.

Similarly, when sending data to the first device, the second device canalso encrypt the data by using a key. Here, the to-be-exchanged dataheld by the second user is referred to as second data. After encryptingthe second data, the second device sends the encrypted second data tothe first device, and then sends a second key for decrypting theencrypted second data to the data exchange platform. The platform thensends the second key to the first device, such that the first device candecrypt the encrypted second data by using the second key to obtain thesecond data, thus accomplishing data exchange process between bothparties. In this process, the exchanged data between both parties doesnot pass the data exchange platform, thereby enhancing the security ofthe exchanged data.

It should be noted that, in the implementation of the instantdisclosure, for ease of description, the data held by the first user isreferred to as the first data, the data held by the second user isreferred to as the second data, and the process of exchanging data byboth parties is a process of exchanging the first data and the seconddata. It can be understood that the terms “first” and “second” used inthe implementation of the instant disclosure are used for distinguishingdifferent described objects, and do not refer to particular objects.

In order to further enhance the data security and to prevent damage tothe interests of either party, after receiving the keys sent by bothparties (for example, the first key sent by the first device, and thesecond key sent by the second device), the data exchange platform cansend the keys to both parties (for example, the first key to the seconddevice, and the second key to the first device) after receivingconfirmation information sent by both parties for the first and seconddata. In doing so, it can prevent the case that one party does not sendthe key after receiving its desired data, which greatly harms theinterests of the other party. For example, after sending the first keyto the second device, the data exchange platform sends the second key tothe first device after receiving the confirmation information sent bythe second device for the first data. The confirmation information forthe first data indicates that the second user determines that the firstdata conforms to the description in the agreement, thus effectivelyprotecting the interests of the second user. Similarly, after receivingthe confirmation information sent by the second user for the first data,the data exchange platform can also receive confirmation informationsent by the first device for the second data. The confirmationinformation for the second data indicates that the first user determinesthat the second data conforms to the description in the agreement.

Different types of data can be exchanged through a platform. The datacan be, for example, data that the user does not care whether it isobtained by a third party, or data from which value cannot be acquiredthrough replication. These types of data do not need to be encrypted,thus saving computing resources and storage resources. For ease ofdescription, data that can be exchanged through a platform is referredto as third data.

Hereinafter, a data exchange method provided in the instant disclosureis illustrated in detail by using an example in which to-be-exchangeddata of the second user is the third data that can be exchanged throughthe data exchange platform, and the technology for encrypting the firstdata to be exchanged is a symmetric encryption technology. The methodincludes the following steps:

Step 1: A data exchange platform writes a data exchange agreementbetween a first user and a second user into a block chain and stores theagreement.

Step 2: The data exchange platform receives a first key sent by a firstdevice. The first key is used for decrypting encrypted first data.

Step 3: The first device sends the encrypted first data to a seconddevice.

Step 4: The second device sends third data to the data exchangeplatform.

It should be noted that the instant disclosure does not limit theexecuting order of step 2, step 3, and step 4.

Step 5: The data exchange platform sends the received first key to thesecond device.

Because the second user sends the third data to the data exchangeplatform directly, the data exchange platform can verify the third data.If it is determined that the third data does not conform to theagreement achieved by both parties, the data exchange platform will notsend the first key to the second device, thereby avoiding damage to theinterests of the first user. Therefore, a specific implementationprocess of this step can be: sending the received first key to thesecond device if the data exchange platform determines that the thirddata conforms to the agreement of both parties.

Step 6: The second device decrypts the received encrypted first dataaccording to the received first key to obtain the first data.

Step 7: The data exchange platform sends the third data to the firstdevice.

For the second user obtaining the first data, the platform cannot verifythe authenticity of the first data since the platform keeps clear of thefirst data. In this case, the first data is verified by the seconddevice. During the verification process, the second device can acquirecharacteristic information associated with the first data agreed on byboth parties in the agreement. Specifically, the characteristicinformation can be acquired from the agreement stored in a block chain.In some implementations, the second device stores the agreement locallywhen negotiating the agreement. Therefore, the second device can alsoacquire the characteristic information from the agreement storedlocally. After acquiring the characteristic information associated withthe first data in the agreement, the second device can verify whetherthe acquired first data conforms to the agreement according to theacquired characteristic information.

In this way, if the second user determines that the first data does notconform to the original agreement, the platform cannot send the thirddata to the first device, thereby avoiding damage to the interests ofthe second user.

Thus, the third data can be sent to the first device when a data sendinginstruction sent by the second device is received. The data sendinginstruction here is an instruction that instructs the data exchangeplatform to send the third data to the first user. For example, theinstruction can be the aforementioned confirmation information for thefirst data. Thus, the third data is sent to the first device only afterthe second user determines that the first data conforms to thedescription in the agreement.

However, if the second user does not send a data sending instruction tothe platform, the first user will not receive the third data. In orderto avoid damage to the interests of the first user, in some cases, thethird data can be sent to the first user without a data sendinginstruction. For example, if the first user did not send confirmationinformation for the first data after a preset duration since the firstkey is sent to the second user, the third data can be sent to firstuser.

Based on the previous description, a specific implementation process ofstep 7 can be: sending the third data to the first user when a presetcondition is met. Here, when a preset condition is met can be after thedata sending instruction sent by the second device is received, or aftera preset duration, since the key is sent to the second device.

At this point, the exchange of the first data and the third data betweenusers is accomplished. This method can prevent the situation that oneparty does not send data to the other party after acquiring the datasent by the other party, thereby protecting the interests of bothparties of a data exchange process.

After the completion of the data exchange process, the data exchangeplatform can write completion information of the data exchange into aresult of the data change agreement in the block chain, and store thecompletion information of the data exchange process for subsequent use.

In the implementation of the instant disclosure, a transmission state ofthe encrypted data can be determined. The transmission state of theencrypted data can prevent the situation that the second user receivesthe encrypted data but claims that the encrypted data is not received.In addition, the transmission state of the encrypted data can preventthe situation that the first device does not send data to the seconddevice but the first user claims to have the data sent to the seconddevice. The encrypted data here is the encrypted exchanged data, forexample, the aforementioned encrypted first data and encrypted seconddata. The transmission state includes at least one of the following: theencrypted data has not been transmitted, the encrypted data is beingtransmitted, and the encrypted data has been transmitted to the seconddevice.

A specific way to determine the transmission state of the encrypted datacan be the data exchange platform acquires the transmission state of theencrypted data through a predetermined monitoring program. Themonitoring program can be a program used for transmitting data betweenboth parties of a data exchange process. Or, a specific way to determinethe transmission state of the encrypted data can be receiving thetransmission sate of the encrypted data proactively reported by thefirst device and the second device.

The encrypted data sent by the first device does not pass the dataexchange platform. Therefore, if the first device needs to perform dataexchange with multiple different devices, the first device needs todevelop different data transmission interfaces for the different devicesbecause different devices can support different data transmission modes.This will not only consume a lot of human resources, but also occupy anexcessive number of storage resources. The data transmission platformcan draft a data transmission specification, and define a standardtransmission interface for a data transmission. The standardtransmission interface is a universal interface used during the datatransmission between devices.

As long as a device of a user performing data exchange through the datatransmission platform implements the standard transmission interface,the device can transmit data to any device that implements the standardtransmission interface. In the standard transmission interface definedby the data transmission platform, information, such as a datatransmission protocol during data transmission between both parties of adata exchange process, can be defined. Details are not described here.

The functions of the defined standard interface can include a functionof sending a data transmission state to the data exchange platform. Inthis way, after sending the encrypted data, the data exchange platformcan determine that the encrypted data has been successfully sent to thesecond device, and then perform a corresponding operation. After 130,method 100 stops.

FIG. 2 is a block diagram illustrating an example of a networkingenvironment 200 for secure data transactions, according to animplementation of the present disclosure. For clarity of presentation,the description that follows generally describes environment 200 in thecontext of the other figures in this description. Environment 200 caninclude a data exchange platform 202, a first user 204, a first device206 associated with the first user 204, a second user 208, and a seconddevice 210 associated with the second user 208. In some implementations,environment 200 can include additional or different (or a combination ofboth) components not shown in the block diagram. In someimplementations, components can also be omitted from environment 200.

At 212, the first device 206 encrypts first data to obtain encryptedfirst data.

At 214, the first device 206 sends the encrypted first data to thesecond device 210 through an implemented standard transmission interface222.

The second device 210 also implements a standard transmission interface224.

At 216, the first device 206 sends first key to a data exchange platform202.

At 218, the data exchange platform 202 sends the received first key tothe second device 210.

At 220, the second device 210 decrypts the encrypted first dataaccording to the received first key to obtain the first data.

In the data sending method provided in Implementation 1 of the instantdisclosure, in a data exchange process, a data exchange platform writesa data exchange agreement between a first user and a second user into ablock chain. The data exchange platform then receives a first key, sentby a first device associated with the first user, for decryptingencrypted first data. The first device sends the encrypted first data toa second device associated with the second user. The data exchangeplatform sends the first key to the second device, and the second devicedecrypts the received encrypted first data based on the first key toobtain the first data. It is apparent that the data exchange platformkeeps clear of the exchanged first data in the data exchange process,thereby avoiding the risk that the first data can be used by the dataexchange platform for other purposes, and enhancing the data security inthe data exchange process.

It should be noted that, for ease of description, an implementation ofthe data sending method is introduced by using an example in which thedata method is executed by the data exchange platform. It can beunderstood that the method executed by the data exchange platform is anexample illustration, and should not be understood as a limitation onthis method. Next, the steps of the method provided in Implementation 1can be executed by a same device, or by different devices.

Implementation 2

The concept of the instant disclosure is described based on thepreviously described Implementation 1 in detail. For betterunderstanding of the technical features, means, and effects of theinstant disclosure, the data sending method of the instant disclosure isfurther illustrated in the following, thereby forming anotherimplementation of the instant disclosure.

The data exchange process in Implementation 2 of the instant disclosureis similar to the data exchange process in Implementation 1. For somesteps that are not introduced in Implementation 2, reference may be madeto the relevant description in Implementation 1. Details are notdescribed herein.

Before describing the implementation of the solution in detail, animplementation scenario of the solution is briefly introduced.

On the Internet, money is also present in the form of data. Therefore, avalue of data representing money can be the value of the moneyrepresented by the data. On the Internet, transferring of datarepresenting money is usually implemented, in an actual operation, bychanging numerical values identifying the money. For example, if 100yuan is transferred from account A to account B, the transferring ofdata is actually changing the numerical values representing money inaccount A and account B.

As described in Implementation 1, data values of some types of datacannot be acquired through replication, and such types of data can betransmitted through a platform. Thus, in Implementation 2, a specificimplementation process of the data sending method provided in theinstant disclosure is illustrated in detail by using an example in whichthe third data is data representing money. For ease of description, thethird data representing money is referred to as money for short in thefollowing. Thus, the data exchange process can be understood as a datatransaction process, the first user in Implementation 1 is a dataseller, the second user is a data buyer, and the data exchange platformis a data transaction platform that can provide a data transactionservice for users.

Based on the previously described scenario, the process of implementingdata transaction in Implementation 2 is shown in FIG. 3.

FIG. 3 is a swim diagram illustrating an example of acomputer-implemented method 300 for secure data transactions, accordingto an implementation of the present disclosure. For clarity ofpresentation, the description that follows generally describes method300 in the context of the other figures in this description. However, itwill be understood that method 300 can be performed, for example, by anysystem, environment, software, and hardware, or a combination ofsystems, environments, software, and hardware, as appropriate. In someimplementations, various steps of method 300 can be run in parallel, incombination, in loops, or in any order.

At 310, a data provider 302 (that is, a data seller) publishesinformation of data for sale on a data transaction platform 304.

The data transaction platform 304 can support users having data to sellto publish information of data for sale, such that other users (forexample, data buyers) can find their desired information on the datatransaction platform 304.

At 312, a data consumer 306 (that is, a data buyer) and the dataprovider 302 concur to a data transaction agreement.

The data consumer 306 can communicate with the data provider 302 onspecific transaction details, and finally reach a data transactionagreement. The function of the data transaction agreement is similar tothe function of the data exchange agreement described in Implementation1, and thus is not described in detail again here.

At 314, the data transaction platform 304 writes the data transactionagreement reached by both parties into a block chain.

Once the data transaction agreement is written into the block chain, thepossibility of tampering with the agreement can be greatly reduced, andsecurity of the agreement is enhanced.

At 316, the data consumer 306 pays an amount of money defined in theagreement to the data transaction platform 304.

On the Internet, the transfer of money is actually the transfer of datarepresenting the money. In an actual operation, this is usuallyaccomplished by changing values of data identifying money in accounts.

At 318, the data provider 302 encrypts the data for sale to obtainencrypted data, and then sends a key for the encryption to the datatransaction platform 304.

The data can be encrypted by using a symmetric encryption technology,such that the key for encryption is the same as the key for decryption.

It should be noted that the implementation of the instant disclosuredoes not limit the executing order of step 316 and step 318.

At 320, the data provider 302 transmits the encrypted data to a deviceof the data consumer 306 through a device that implements a standardtransmission interface.

As described in Implementation 1, the standard transmission interfacehere is a universal interface defined by the data exchange platform, andused during data transmission between devices. The device of the dataconsumer 306 also implements the standard transmission interface, inorder to receive data. In this way, when the data consumer 306 and thedata provider 302 further perform data exchange with other users of thedata transaction platform 304, there is no need to develop othertransmission interfaces, thereby saving human resources and storageresources.

At 322, the data transaction platform 304 determines that the encrypteddata has been transmitted to the device of the data consumer 306.

A specific method for determining that the encrypted data has beentransmitted to the device of the data consumer 306 is similar to therelevant description in Implementation 1, and thus is not described indetail again here.

At 324, the data transaction platform 304 determines that the amount ofmoney paid by the data consumer 306 conforms to the amount defined inthe agreement. In response to the determination, the data transactionplatform 304 sends the key to the data consumer 306.

It should be noted that the implementation of the instant disclosuredoes not limit the executing order of step 322 and step 324.

At 326, the data consumer 306 decrypts the encrypted data by using thereceived key, and verifies whether the decrypted data conforms to thedescription in the agreement.

At 328, the data consumer 306 determines that the received data conformsto the description in the agreement. In response to the determination,the data consumer 306 sends a receipt confirmation instruction to thedata transaction platform 304 through the device of the data consumer306.

The function of the receipt confirmation instruction is similar to thefunction of the second data sending instruction described inImplementation 1, and thus is not described in detail again here.

At 330, the data transaction platform 304, after receiving the receiptconfirmation instruction, transfers the amount of money paid by the dataconsumer 306 to an account of the data provider 302.

If the data provider 302 and data consumer 306 subsequently havedisputes over the trade data, they can protect their rights according tothe agreement in the block chain.

In the data transaction method provided in Implementation 2 of theinstant disclosure, a data transaction platform receives a key, sent bya data seller and used for encrypting data for sale, and sends the keyto a device of a data buyer after receiving money paid by the data buyerthrough the device of the data buyer. In this way, after receivingencrypted data sent by the data seller, the data buyer can decrypt theencrypted data by using the key to obtain the data sold by the dataseller. Thus, in the data transaction process, the data exchangeplatform keeps clear of the sold data, thereby avoiding the risk thatthe sold data can be used by the data exchange platform for otherpurposes, and enhancing data security in the data transaction process.

Implementation 3

In order to solve the low data security problem in the existing dataexchange process, Implementation 3 of the instant disclosure describes adata sending apparatus. A schematic structural diagram of the datasending apparatus is shown in FIG. 4.

FIG. 4 is a block diagram illustrating an example of a data exchangeplatform 400, according to an implementation of the present disclosure.For clarity of presentation, the description that follows generallydescribes platform 400 in the context of the other figures in thisdescription. The platform 400 can include a writing unit 402, a firstreceiving unit 404, and a first transmitting unit 416, which can beimplemented in hardware, software, or both. In some implementations, theplatform 400 can include additional or different (or a combination ofboth) components not shown in the block diagram. In someimplementations, components can also be omitted from the platform 400.

The writing unit 402 can, for example, be configured to write a dataexchange agreement between a first user and a second user into a blockchain and store the agreement.

The first receiving unit 404 can, for example, be configured to receivea first key sent by a first device. The first key is used for decryptingencrypted first data, and the first device is a device corresponding toa first user.

The first transmitting unit 406 can, for example, be configured to sendthe first key to a second device, such that the second device, afterreceiving the encrypted first data sent by the first device, decryptsthe received encrypted first data based on the first key to obtain thefirst data. The second device is a device corresponding to the seconduser.

In the implementation of the instant disclosure, there are many otherspecific implementations for exchanging data. In an implementation, theapparatus further includes a third receiving unit and a thirdtransmitting unit. The third receiving unit can, for example, beconfigured to, before the first transmitting unit 406 sends the firstkey to the second device, receive a second key sent by the seconddevice. The second key is used for decrypting encrypted second data. Thethird transmitting unit can, for example, be configured to send thesecond key to the first device after the first transmitting unit 406sends the first key to the second device, such that the first device,after receiving the encrypted second data sent by the second device,decrypts the received encrypted second data based on the second key toobtain the second data.

In order to protect the interests of the second user, in animplementation, the apparatus further includes a fourth receiving unitconfigured to, after the first transmitting unit 406 sends the first keyto the second device and before the third transmitting unit sends thesecond key to the first device, receive confirmation information for thefirst data sent by the second device. The confirmation information forthe first data indicates that the second user determines that the firstdata conforms to the description in the agreement.

In an implementation, the apparatus further includes a fifth receivingunit configured to, after the fourth receiving unit receives theconfirmation information for the first data sent by the second device,receive confirmation information for the second data sent by the firstdevice. The confirmation information for the second data indicates thatthe first user determines that the second data conforms to thedescription in the agreement.

In an implementation, the apparatus further includes a second writingunit configured to, after the fifth receiving unit receives theconfirmation information for the second data sent by the first device,write completion information of the data exchange into a result of thedata exchange agreement in the block chain, and store the completioninformation of the data exchange process.

In order to protect the interests of both parties in a data exchangeprocess, in an implementation, the apparatus further includes a secondreceiving unit and a second transmitting unit. The second receiving unitcan, for example, be configured to, before the first transmitting unit406 sends the first key to the second device, receive third data sent bythe second device. The second transmitting unit can, for example, beconfigured to, after the first transmitting unit 406 sends the first keyto the second device, send the third data to the first user when apreset condition is met.

In an implementation, that a preset condition is met includes receiving,by the data exchange platform, a data sending instruction sent by thesecond device. The data sending instruction is an instruction thatinstructs the data exchange platform to send the third data to the firstdevice.

In an implementation, the data exchange agreement includescharacteristic information of the first data.

The characteristic information of the first data includes at least oneof the following: a message digest for verifying integrity of the firstdata, and baseline information for summarizing specific content of thefirst data.

In order to avoid consuming a lot of human resources in interfacedevelopment, in an implementation, the encrypted first data istransmitted to the second device through a standard transmissioninterface of the first device. The standard transmission interface is auniversal interface defined by the data exchange platform and usedduring data transmission between devices.

In the data sending apparatus provided in Implementation 3 of theinstant disclosure, in a data exchange process, a data exchange platformwrites a data exchange agreement between a first user and a second userinto a block chain. The data exchange platform then receives a firstkey, sent by a first device associated with the first user, fordecrypting encrypted first data. The first device sends the encryptedfirst data to a second device associated with the second user. The dataexchange platform sends the first key to the second device, and thesecond device decrypts the received encrypted first data based on thefirst key to obtain the first data. It is apparent that the dataexchange platform keeps clear of the exchanged first data in the dataexchange process, thereby avoiding the risk that the first data can beused by the data exchange platform for other purposes, and enhancing thedata security in the data exchange process.

FIG. 5 is a flowchart illustrating another example of acomputer-implemented method 500 for secure data transactions. Forclarity of presentation, the description that follows generallydescribes method 500 in the context of the other figures in thisdescription. However, it will be understood that method 500 can beperformed, for example, by any system, environment, software, andhardware, or a combination of systems, environments, software, andhardware, as appropriate. In some implementations, various steps ofmethod 500 can be run in parallel, in combination, in loops, or in anyorder. In some implementations, the method 500 can include additional ordifferent (or a combination of both) steps not shown in the flowchart.In some implementations, steps can also be omitted from the method 500.

At 510, a data exchange agreement between a first user and a second useris written, by a data exchange platform, into a block chain. The dataexchange agreement is associated with first data. For example, the firstdata is the data to be transferred from the first user to the seconduser according to the data exchange agreement. In some implementations,the data exchange platform stores the data exchange agreement. The dataexchange agreement includes one or more of identity information of thefirst and second users, characteristic information of the exchangeddata, data usage specifications abided by the first and second users,and punishment, abided by the first and second users, for violating theagreement, and other information associated with the exchanged data.

In some implementations, before writing the data exchange agreement intothe block chain, data information associated with the first data isreceived, by the data exchange platform and from a first deviceassociated with the first user, for publishing on the data exchangeplatform. The data information associated with the first data is thenpublished by the data exchange platform. An order associated with thefirst data is received by the data exchange platform and from a seconddevice associated with the second user. The order associated with thefirst data is transmitted by the data exchange platform to the firstdevice. Confirmation information for the order associated with the firstdata is received by the data exchange platform and from the firstdevice. Both the order and the confirmation information are associatedwith the data exchange agreement. In some implementations, the dataexchange agreement can be reached using other appropriate methods. From510, method 500 proceeds to 520.

At 520, a first key is received by the data exchange platform and from afirst device associated with the first user. The first key is used fordecrypting encrypted first data. For example, the first device encryptsfirst data to obtain encrypted first data. From 520, method 500 proceedsto 530.

At 530, the received first key is transmitted by the data exchangeplatform to a second device associated with the second user. In someimplementations, before transmitting the received first key, a secondkey is received by the data exchange platform and from the second deviceassociated with the second user. The second key is used for decryptingencrypted second data, and the second data is associated with the dataexchange agreement. For example, the second data is the data to betransferred from the second user to the first user according to the dataexchange agreement. After transmitting the received first key, thereceived second key is transmitted by the data exchange platform to thefirst device associated with the first user. The first device decryptsthe encrypted second data, received from the second device, based on thesecond key to obtain the second data. From 530, method 500 proceeds to540.

At 540, the encrypted first data is transmitted by the first device tothe second device, without passing through the data exchange platform.In some implementations, instead of passing the encrypted first datathrough the data exchange platform, the first device transmits theencrypted first data directly to the second device to avoid the dataexchange platform using the encrypted first data for other purposes (forexample, actions not defined in the data exchange agreement between thefirst user and the second user), or making unauthorized changes to theencrypted first data before transmitting to the second device. In someimplementations, the encrypted first data is transmitted to the seconddevice through a standard transmission interface of the first device.The standard transmission interface is a universal interface defined bythe data exchange platform and used for transmitting data betweendifferent devices. From 540, method 500 proceeds to 550.

At 550, the encrypted first data is decrypted, by the second device,based on the first key to obtain the first data. In someimplementations, after transmitting the received first key and beforetransmitting the received second key, confirmation information for thefirst data is received by the data exchange platform and from the seconddevice associated with the second user. The confirmation information forthe first data indicates that the second user determines that theobtained first data conforms to the data exchange agreement.

In some implementations, after receiving the confirmation informationfor the first data, confirmation information for the second data isreceived by the data exchange platform and from the first deviceassociated with the first user. The confirmation information for thesecond data indicates that the first user determines that the obtainedsecond data conforms to the data exchange agreement. A record,indicating that data exchange between the first user and the second useris accomplished according to the data exchange agreement, is written bythe data exchange platform in the block chain. The record is stored bythe data exchange platform.

In some implementations, before transmitting the received first key,third data is received by the data exchange platform and from the seconddevice associated with the second user. The third data is associatedwith the data exchange agreement. For example, the third data is datathat can be exchanged through the data exchange platform. Aftertransmitting the received first key, the received third data istransmitted by the data exchange platform to the first device associatedwith the first user when a predetermined condition is satisfied. In someimplementations, the predetermined condition includes that the dataexchange platform receives an instruction from the second device. Theinstruction is an instruction that instructs the data exchange platformto transmit the received third data to the first device.

In some implementations, the data exchange agreement includescharacteristic information of the first data. The characteristicinformation of the first data is acquired by the second device. Thecharacteristic information of the first data includes at least one of amessage digest for verifying integrity of the first data, and baselineinformation for summarizing specific content of the first data. Adetermination is made, by the second device, on whether the obtainedfirst data conforms to the data exchange agreement based on the acquiredcharacteristic information of the first data. If it is determined thatthe obtained first data conforms to the data exchange agreement based onthe acquired characteristic information of the first data, the seconddevice transmits confirmation information for the first data to the dataexchange platform. If it is determined that the obtained first data doesnot conform to the data exchange agreement based on the acquiredcharacteristic information of the first data, the second device will nottransmit confirmation information for the first data to the dataexchange platform. After 550, method 500 stops.

FIG. 6 is a block diagram illustrating an example of acomputer-implemented System 600 used to provide computationalfunctionalities associated with described algorithms, methods,functions, processes, flows, and procedures, according to animplementation of the present disclosure. In the illustratedimplementation, System 600 includes a Computer 602 and a Network 630.

The illustrated Computer 602 is intended to encompass any computingdevice such as a server, desktop computer, laptop/notebook computer,wireless data port, smart phone, personal data assistant (PDA), tabletcomputer, one or more processors within these devices, another computingdevice, or a combination of computing devices, including physical orvirtual instances of the computing device, or a combination of physicalor virtual instances of the computing device. Additionally, the Computer602 can include an input device, such as a keypad, keyboard, touchscreen, another input device, or a combination of input devices that canaccept user information, and an output device that conveys informationassociated with the operation of the Computer 602, including digitaldata, visual, audio, another type of information, or a combination oftypes of information, on a graphical-type user interface (UI) (or GUI)or other UI.

The Computer 602 can serve in a role in a distributed computing systemas a client, network component, a server, a database or anotherpersistency, another role, or a combination of roles for performing thesubject matter described in the present disclosure. The illustratedComputer 602 is communicably coupled with a Network 630. In someimplementations, one or more components of the Computer 602 can beconfigured to operate within an environment, includingcloud-computing-based, local, global, another environment, or acombination of environments.

At a high level, the Computer 602 is an electronic computing deviceoperable to receive, transmit, process, store, or manage data andinformation associated with the described subject matter. According tosome implementations, the Computer 602 can also include or becommunicably coupled with a server, including an application server,e-mail server, web server, caching server, streaming data server,another server, or a combination of servers.

The Computer 602 can receive requests over Network 630 (for example,from a client software application executing on another Computer 602)and respond to the received requests by processing the received requestsusing a software application or a combination of software applications.In addition, requests can also be sent to the Computer 602 from internalusers (for example, from a command console or by another internal accessmethod), external or third-parties, or other entities, individuals,systems, or computers.

Each of the components of the Computer 602 can communicate using aSystem Bus 603. In some implementations, any or all of the components ofthe Computer 602, including hardware, software, or a combination ofhardware and software, can interface over the System Bus 603 using anapplication programming interface (API) 612, a Service Layer 613, or acombination of the API 612 and Service Layer 613. The API 612 caninclude specifications for routines, data structures, and objectclasses. The API 612 can be either computer-language independent ordependent and refer to a complete interface, a single function, or evena set of APIs. The Service Layer 613 provides software services to theComputer 602 or other components (whether illustrated or not) that arecommunicably coupled to the Computer 602. The functionality of theComputer 602 can be accessible for all service consumers using theService Layer 613. Software services, such as those provided by theService Layer 613, provide reusable, defined functionalities through adefined interface. For example, the interface can be software written inJAVA, C++, another computing language, or a combination of computinglanguages providing data in extensible markup language (XML) format,another format, or a combination of formats. While illustrated as anintegrated component of the Computer 602, alternative implementationscan illustrate the API 612 or the Service Layer 613 as stand-alonecomponents in relation to other components of the Computer 602 or othercomponents (whether illustrated or not) that are communicably coupled tothe Computer 602. Moreover, any or all parts of the API 612 or theService Layer 613 can be implemented as a child or a sub-module ofanother software module, enterprise application, or hardware modulewithout departing from the scope of the present disclosure.

The Computer 602 includes an Interface 604. Although illustrated as asingle Interface 604, two or more Interfaces 604 can be used accordingto particular needs, desires, or particular implementations of theComputer 602. The Interface 604 is used by the Computer 602 forcommunicating with another computing system (whether illustrated or not)that is communicatively linked to the Network 630 in a distributedenvironment. Generally, the Interface 604 is operable to communicatewith the Network 630 and includes logic encoded in software, hardware,or a combination of software and hardware. More specifically, theInterface 604 can include software supporting one or more communicationprotocols associated with communications such that the Network 630 orhardware of Interface 604 is operable to communicate physical signalswithin and outside of the illustrated Computer 602.

The Computer 602 includes a Processor 605. Although illustrated as asingle Processor 605, two or more Processors 605 can be used accordingto particular needs, desires, or particular implementations of theComputer 602. Generally, the Processor 605 executes instructions andmanipulates data to perform the operations of the Computer 602 and anyalgorithms, methods, functions, processes, flows, and procedures asdescribed in the present disclosure.

The Computer 602 also includes a Database 606 that can hold data for theComputer 602, another component communicatively linked to the Network630 (whether illustrated or not), or a combination of the Computer 602and another component. For example, Database 606 can be an in-memory,conventional, or another type of database storing data consistent withthe present disclosure. In some implementations, Database 606 can be acombination of two or more different database types (for example, ahybrid in-memory and conventional database) according to particularneeds, desires, or particular implementations of the Computer 602 andthe described functionality. Although illustrated as a single Database606, two or more databases of similar or differing types can be usedaccording to particular needs, desires, or particular implementations ofthe Computer 602 and the described functionality. While Database 606 isillustrated as an integral component of the Computer 602, in alternativeimplementations, Database 606 can be external to the Computer 602.

The Computer 602 also includes a Memory 607 that can hold data for theComputer 602, another component or components communicatively linked tothe Network 630 (whether illustrated or not), or a combination of theComputer 602 and another component. Memory 607 can store any dataconsistent with the present disclosure. In some implementations, Memory607 can be a combination of two or more different types of memory (forexample, a combination of semiconductor and magnetic storage) accordingto particular needs, desires, or particular implementations of theComputer 602 and the described functionality. Although illustrated as asingle Memory 607, two or more Memories 607 or similar or differingtypes can be used according to particular needs, desires, or particularimplementations of the Computer 602 and the described functionality.While Memory 607 is illustrated as an integral component of the Computer602, in alternative implementations, Memory 607 can be external to theComputer 602.

The Application 608 is an algorithmic software engine providingfunctionality according to particular needs, desires, or particularimplementations of the Computer 602, particularly with respect tofunctionality described in the present disclosure. For example,Application 608 can serve as one or more components, modules, orapplications. Further, although illustrated as a single Application 608,the Application 608 can be implemented as multiple Applications 608 onthe Computer 602. In addition, although illustrated as integral to theComputer 602, in alternative implementations, the Application 608 can beexternal to the Computer 602.

The Computer 602 can also include a Power Supply 614. The Power Supply614 can include a rechargeable or non-rechargeable battery that can beconfigured to be either user- or non-user-replaceable. In someimplementations, the Power Supply 614 can include power-conversion ormanagement circuits (including recharging, standby, or another powermanagement functionality). In some implementations, the Power Supply 614can include a power plug to allow the Computer 602 to be plugged into awall socket or another power source to, for example, power the Computer602 or recharge a rechargeable battery.

There can be any number of Computers 602 associated with, or externalto, a computer system containing Computer 602, each Computer 602communicating over Network 630. Further, the term “client,” “user,” orother appropriate terminology can be used interchangeably, asappropriate, without departing from the scope of the present disclosure.Moreover, the present disclosure contemplates that many users can useone Computer 602, or that one user can use multiple computers 602.

Described implementations of the subject matter can include one or morefeatures, alone or in combination.

For example, in a first implementation, a computer-implemented method,comprising: writing, by a data exchange platform, a data exchangeagreement between a first user and a second user into a block chain,wherein the data exchange agreement is associated with first data;receiving, by the data exchange platform and from a first deviceassociated with the first user, a first key, wherein the first key isused for decrypting encrypted first data; and transmitting, by the dataexchange platform and to a second device associated with the seconduser, the received first key.

The foregoing and other described implementations can each, optionally,include one or more of the following features:

A first feature, combinable with any of the following features, whereinthe data exchange platform stores the data exchange agreement.

A second feature, combinable with any of the previous or followingfeatures, further comprising: transmitting, by the first device and tothe second device, the encrypted first data without passing through thedata exchange platform; and decrypting, by the second device, theencrypted first data based on the first key to obtain the first data.

A third feature, combinable with any of the previous or followingfeatures, before writing the data exchange agreement into the blockchain, the method further comprising: receiving, by the data exchangeplatform and from the first device, data information associated with thefirst data; publishing, by the data exchange platform, the datainformation associated with the first data; receiving, by the dataexchange platform and from the second device, an order associated withthe first data; transmitting, by the data exchange platform and to thefirst device, the order associated with the first data; and receiving,by the data exchange platform and from the first device, confirmationinformation for the order associated with the first data, wherein boththe order and the confirmation information are associated with the dataexchange agreement.

A fourth feature, combinable with any of the previous or followingfeatures, the method further comprising: before transmitting thereceived first key, receiving, by the data exchange platform and fromthe second device associated with the second user, a second key, whereinthe second key is used for decrypting encrypted second data, and thesecond data is associated with the data exchange agreement; and aftertransmitting the received first key, transmitting, by the data exchangeplatform and to the first device associated with the first user, thereceived second key, wherein the first device decrypts the encryptedsecond data, received from the second device, based on the second key toobtain the second data.

A fifth feature, combinable with any of the previous or followingfeatures, after transmitting the received first key and beforetransmitting the received second key, the method further comprising:receiving, by the data exchange platform and from the second deviceassociated with the second user, confirmation information for the firstdata, wherein the confirmation information for the first data indicatesthat the second user determines that the obtained first data conforms tothe data exchange agreement.

A sixth feature, combinable with any of the previous or followingfeatures, after receiving the confirmation information for the firstdata, the method further comprising: receiving, by the data exchangeplatform and from the first device associated with the first user,confirmation information for the second data, wherein the confirmationinformation for the second data indicates that the first user determinesthat the obtained second data conforms to the data exchange agreement;writing, by the data exchange platform, a record indicating that dataexchange between the first user and the second user is accomplishedaccording to the data exchange agreement in the block chain; andstoring, by the data exchange platform, the record.

A seventh feature, combinable with any of the previous or followingfeatures, the method further comprising: before transmitting thereceived first key, receiving, by the data exchange platform and fromthe second device associated with the second user, third data, whereinthe third data is associated with the data exchange agreement; and aftertransmitting the received first key, transmitting, by the data exchangeplatform and to the first device associated with the first user, thereceived third data when a predetermined condition is satisfied.

An eighth feature, combinable with any of the previous or followingfeatures, wherein the predetermined condition includes that the dataexchange platform receives an instruction from the second device,wherein the instruction is an instruction that instructs the dataexchange platform to transmit the received third data to the firstdevice.

A ninth feature, combinable with any of the previous or followingfeatures, wherein the data exchange agreement includes characteristicinformation of the first data, the method further comprising: acquiring,by the second device, the characteristic information of the first data,wherein the characteristic information of the first data includes atleast one of a message digest for verifying integrity of the first data,and baseline information for summarizing specific content of the firstdata; and determining, by the second device, whether the obtained firstdata conforms to the data exchange agreement based on the acquiredcharacteristic information of the first data.

A tenth feature, combinable with any of the previous or followingfeatures, wherein the encrypted first data is transmitted to the seconddevice through a standard transmission interface of the first device,and the standard transmission interface is a universal interface definedby the data exchange platform and used for transmitting data betweendifferent devices.

In a second implementation, a non-transitory, computer-readable mediumstoring one or more instructions executable by a computer system toperform operations comprising: writing, by a data exchange platform, adata exchange agreement between a first user and a second user into ablock chain, wherein the data exchange agreement is associated withfirst data; receiving, by the data exchange platform and from a firstdevice associated with the first user, a first key, wherein the firstkey is used for decrypting encrypted first data; and transmitting, bythe data exchange platform and to a second device associated with thesecond user, the received first key.

The foregoing and other described implementations can each, optionally,include one or more of the following features:

A first feature, combinable with any of the following features, whereinthe data exchange platform stores the data exchange agreement.

A second feature, combinable with any of the previous or followingfeatures, the operations further comprising: transmitting, by the firstdevice and to the second device, the encrypted first data withoutpassing through the data exchange platform; and decrypting, by thesecond device, the encrypted first data based on the first key to obtainthe first data.

A third feature, combinable with any of the previous or followingfeatures, before writing the data exchange agreement into the blockchain, the operations further comprising: receiving, by the dataexchange platform and from the first device, data information associatedwith the first data; publishing, by the data exchange platform, the datainformation associated with the first data; receiving, by the dataexchange platform and from the second device, an order associated withthe first data; transmitting, by the data exchange platform and to thefirst device, the order associated with the first data; and receiving,by the data exchange platform and from the first device, confirmationinformation for the order associated with the first data, wherein boththe order and the confirmation information are associated with the dataexchange agreement.

A fourth feature, combinable with any of the previous or followingfeatures, the operations further comprising: before transmitting thereceived first key, receiving, by the data exchange platform and fromthe second device associated with the second user, a second key, whereinthe second key is used for decrypting encrypted second data, and thesecond data is associated with the data exchange agreement; and aftertransmitting the received first key, transmitting, by the data exchangeplatform and to the first device associated with the first user, thereceived second key, wherein the first device decrypts the encryptedsecond data, received from the second device, based on the second key toobtain the second data.

A fifth feature, combinable with any of the previous or followingfeatures, after transmitting the received first key and beforetransmitting the received second key, the operations further comprising:receiving, by the data exchange platform and from the second deviceassociated with the second user, confirmation information for the firstdata, wherein the confirmation information for the first data indicatesthat the second user determines that the obtained first data conforms tothe data exchange agreement.

A sixth feature, combinable with any of the previous or followingfeatures, after receiving the confirmation information for the firstdata, the operations further comprising: receiving, by the data exchangeplatform and from the first device associated with the first user,confirmation information for the second data, wherein the confirmationinformation for the second data indicates that the first user determinesthat the obtained second data conforms to the data exchange agreement;writing, by the data exchange platform, a record indicating that dataexchange between the first user and the second user is accomplishedaccording to the data exchange agreement in the block chain; andstoring, by the data exchange platform, the record.

A seventh feature, combinable with any of the previous or followingfeatures, the operations further comprising: before transmitting thereceived first key, receiving, by the data exchange platform and fromthe second device associated with the second user, third data, whereinthe third data is associated with the data exchange agreement; and aftertransmitting the received first key, transmitting, by the data exchangeplatform and to the first device associated with the first user, thereceived third data when a predetermined condition is satisfied.

An eighth feature, combinable with any of the previous or followingfeatures, wherein the predetermined condition includes that the dataexchange platform receives an instruction from the second device,wherein the instruction is an instruction that instructs the dataexchange platform to transmit the received third data to the firstdevice.

A ninth feature, combinable with any of the previous or followingfeatures, wherein the data exchange agreement includes characteristicinformation of the first data, the operations further comprising:acquiring, by the second device, the characteristic information of thefirst data, wherein the characteristic information of the first dataincludes at least one of a message digest for verifying integrity of thefirst data, and baseline information for summarizing specific content ofthe first data; and determining, by the second device, whether theobtained first data conforms to the data exchange agreement based on theacquired characteristic information of the first data.

A tenth feature, combinable with any of the previous or followingfeatures, wherein the encrypted first data is transmitted to the seconddevice through a standard transmission interface of the first device,and the standard transmission interface is a universal interface definedby the data exchange platform and used for transmitting data betweendifferent devices.

In a third implementation, a computer-implemented system, comprising:one or more computers; and one or more computer memory devicesinteroperably coupled with the one or more computers and havingtangible, non-transitory, machine-readable media storing one or moreinstructions that, when executed by the one or more computers, performone or more operations comprising: writing, by a data exchange platform,a data exchange agreement between a first user and a second user into ablock chain, wherein the data exchange agreement is associated withfirst data; receiving, by the data exchange platform and from a firstdevice associated with the first user, a first key, wherein the firstkey is used for decrypting encrypted first data; and transmitting, bythe data exchange platform and to a second device associated with thesecond user, the received first key.

The foregoing and other described implementations can each, optionally,include one or more of the following features:

A first feature, combinable with any of the following features, whereinthe data exchange platform stores the data exchange agreement.

A second feature, combinable with any of the previous or followingfeatures, the operations further comprising: transmitting, by the firstdevice and to the second device, the encrypted first data withoutpassing through the data exchange platform; and decrypting, by thesecond device, the encrypted first data based on the first key to obtainthe first data.

A third feature, combinable with any of the previous or followingfeatures, before writing the data exchange agreement into the blockchain, the operations further comprising: receiving, by the dataexchange platform and from the first device, data information associatedwith the first data; publishing, by the data exchange platform, the datainformation associated with the first data; receiving, by the dataexchange platform and from the second device, an order associated withthe first data; transmitting, by the data exchange platform and to thefirst device, the order associated with the first data; and receiving,by the data exchange platform and from the first device, confirmationinformation for the order associated with the first data, wherein boththe order and the confirmation information are associated with the dataexchange agreement.

A fourth feature, combinable with any of the previous or followingfeatures, the operations further comprising: before transmitting thereceived first key, receiving, by the data exchange platform and fromthe second device associated with the second user, a second key, whereinthe second key is used for decrypting encrypted second data, and thesecond data is associated with the data exchange agreement; and aftertransmitting the received first key, transmitting, by the data exchangeplatform and to the first device associated with the first user, thereceived second key, wherein the first device decrypts the encryptedsecond data, received from the second device, based on the second key toobtain the second data.

A fifth feature, combinable with any of the previous or followingfeatures, after transmitting the received first key and beforetransmitting the received second key, the operations further comprising:receiving, by the data exchange platform and from the second deviceassociated with the second user, confirmation information for the firstdata, wherein the confirmation information for the first data indicatesthat the second user determines that the obtained first data conforms tothe data exchange agreement.

A sixth feature, combinable with any of the previous or followingfeatures, after receiving the confirmation information for the firstdata, the operations further comprising: receiving, by the data exchangeplatform and from the first device associated with the first user,confirmation information for the second data, wherein the confirmationinformation for the second data indicates that the first user determinesthat the obtained second data conforms to the data exchange agreement;writing, by the data exchange platform, a record indicating that dataexchange between the first user and the second user is accomplishedaccording to the data exchange agreement in the block chain; andstoring, by the data exchange platform, the record.

A seventh feature, combinable with any of the previous or followingfeatures, the operations further comprising: before transmitting thereceived first key, receiving, by the data exchange platform and fromthe second device associated with the second user, third data, whereinthe third data is associated with the data exchange agreement; and aftertransmitting the received first key, transmitting, by the data exchangeplatform and to the first device associated with the first user, thereceived third data when a predetermined condition is satisfied.

An eighth feature, combinable with any of the previous or followingfeatures, wherein the predetermined condition includes that the dataexchange platform receives an instruction from the second device,wherein the instruction is an instruction that instructs the dataexchange platform to transmit the received third data to the firstdevice.

A ninth feature, combinable with any of the previous or followingfeatures, wherein the data exchange agreement includes characteristicinformation of the first data, the operations further comprising:acquiring, by the second device, the characteristic information of thefirst data, wherein the characteristic information of the first dataincludes at least one of a message digest for verifying integrity of thefirst data, and baseline information for summarizing specific content ofthe first data; and determining, by the second device, whether theobtained first data conforms to the data exchange agreement based on theacquired characteristic information of the first data.

A tenth feature, combinable with any of the previous or followingfeatures, wherein the encrypted first data is transmitted to the seconddevice through a standard transmission interface of the first device,and the standard transmission interface is a universal interface definedby the data exchange platform and used for transmitting data betweendifferent devices.

Implementations of the subject matter and the functional operationsdescribed in this specification can be implemented in digital electroniccircuitry, in tangibly embodied computer software or firmware, incomputer hardware, including the structures disclosed in thisspecification and their structural equivalents, or in combinations ofone or more of them. Software implementations of the described subjectmatter can be implemented as one or more computer programs, that is, oneor more modules of computer program instructions encoded on a tangible,non-transitory, computer-readable medium for execution by, or to controlthe operation of, a computer or computer-implemented system.Alternatively, or additionally, the program instructions can be encodedin/on an artificially generated propagated signal, for example, amachine-generated electrical, optical, or electromagnetic signal that isgenerated to encode information for transmission to a receiver apparatusfor execution by a computer or computer-implemented system. Thecomputer-storage medium can be a machine-readable storage device, amachine-readable storage substrate, a random or serial access memorydevice, or a combination of computer-storage mediums. Configuring one ormore computers means that the one or more computers have installedhardware, firmware, or software (or combinations of hardware, firmware,and software) so that when the software is executed by the one or morecomputers, particular computing operations are performed.

The term “real-time,” “real time,” “realtime,” “real (fast) time (RFT),”“near(ly) real-time (NRT),” “quasi real-time,” or similar terms (asunderstood by one of ordinary skill in the art), means that an actionand a response are temporally proximate such that an individualperceives the action and the response occurring substantiallysimultaneously. For example, the time difference for a response todisplay (or for an initiation of a display) of data following theindividual's action to access the data can be less than 1 millisecond(ms), less than 1 second (s), or less than 5 s. While the requested dataneed not be displayed (or initiated for display) instantaneously, it isdisplayed (or initiated for display) without any intentional delay,taking into account processing limitations of a described computingsystem and time required to, for example, gather, accurately measure,analyze, process, store, or transmit the data.

The terms “data processing apparatus,” “computer,” or “electroniccomputer device” (or an equivalent term as understood by one of ordinaryskill in the art) refer to data processing hardware and encompass allkinds of apparatuses, devices, and machines for processing data,including by way of example, a programmable processor, a computer, ormultiple processors or computers. The computer can also be, or furtherinclude special purpose logic circuitry, for example, a centralprocessing unit (CPU), a field programmable gate array (FPGA), or anapplication-specific integrated circuit (ASIC). In some implementations,the computer or computer-implemented system or special purpose logiccircuitry (or a combination of the computer or computer-implementedsystem and special purpose logic circuitry) can be hardware- orsoftware-based (or a combination of both hardware- and software-based).The computer can optionally include code that creates an executionenvironment for computer programs, for example, code that constitutesprocessor firmware, a protocol stack, a database management system, anoperating system, or a combination of execution environments. Thepresent disclosure contemplates the use of a computer orcomputer-implemented system with an operating system of some type, forexample LINUX, UNIX, WINDOWS, MAC OS, ANDROID, IOS, another operatingsystem, or a combination of operating systems.

A computer program, which can also be referred to or described as aprogram, software, a software application, a unit, a module, a softwaremodule, a script, code, or other component can be written in any form ofprogramming language, including compiled or interpreted languages, ordeclarative or procedural languages, and it can be deployed in any form,including, for example, as a stand-alone program, module, component, orsubroutine, for use in a computing environment. A computer program can,but need not, correspond to a file in a file system. A program can bestored in a portion of a file that holds other programs or data, forexample, one or more scripts stored in a markup language document, in asingle file dedicated to the program in question, or in multiplecoordinated files, for example, files that store one or more modules,sub-programs, or portions of code. A computer program can be deployed tobe executed on one computer or on multiple computers that are located atone site or distributed across multiple sites and interconnected by acommunication network.

While portions of the programs illustrated in the various figures can beillustrated as individual components, such as units or modules, thatimplement described features and functionality using various objects,methods, or other processes, the programs can instead include a numberof sub-units, sub-modules, third-party services, components, libraries,and other components, as appropriate. Conversely, the features andfunctionality of various components can be combined into singlecomponents, as appropriate. Thresholds used to make computationaldeterminations can be statically, dynamically, or both statically anddynamically determined.

Described methods, processes, or logic flows represent one or moreexamples of functionality consistent with the present disclosure and arenot intended to limit the disclosure to the described or illustratedimplementations, but to be accorded the widest scope consistent withdescribed principles and features. The described methods, processes, orlogic flows can be performed by one or more programmable computersexecuting one or more computer programs to perform functions byoperating on input data and generating output data. The methods,processes, or logic flows can also be performed by, and computers canalso be implemented as, special purpose logic circuitry, for example, aCPU, an FPGA, or an ASIC.

Computers for the execution of a computer program can be based ongeneral or special purpose microprocessors, both, or another type ofCPU. Generally, a CPU will receive instructions and data from and writeto a memory. The essential elements of a computer are a CPU, forperforming or executing instructions, and one or more memory devices forstoring instructions and data. Generally, a computer will also include,or be operatively coupled to, receive data from or transfer data to, orboth, one or more mass storage devices for storing data, for example,magnetic, magneto-optical disks, or optical disks. However, a computerneed not have such devices. Moreover, a computer can be embedded inanother device, for example, a mobile telephone, a personal digitalassistant (PDA), a mobile audio or video player, a game console, aglobal positioning system (GPS) receiver, or a portable memory storagedevice.

Non-transitory computer-readable media for storing computer programinstructions and data can include all forms of permanent/non-permanentor volatile/non-volatile memory, media and memory devices, including byway of example semiconductor memory devices, for example, random accessmemory (RAM), read-only memory (ROM), phase change memory (PRAM), staticrandom access memory (SRAM), dynamic random access memory (DRAM),erasable programmable read-only memory (EPROM), electrically erasableprogrammable read-only memory (EEPROM), and flash memory devices;magnetic devices, for example, tape, cartridges, cassettes,internal/removable disks; magneto-optical disks; and optical memorydevices, for example, digital versatile/video disc (DVD), compact disc(CD)-ROM, DVD+/—R, DVD-RAM, DVD-ROM, high-definition/density (HD)-DVD,and BLU-RAY/BLU-RAY DISC (BD), and other optical memory technologies.The memory can store various objects or data, including caches, classes,frameworks, applications, modules, backup data, jobs, web pages, webpage templates, data structures, database tables, repositories storingdynamic information, or other appropriate information including anyparameters, variables, algorithms, instructions, rules, constraints, orreferences. Additionally, the memory can include other appropriate data,such as logs, policies, security or access data, or reporting files. Theprocessor and the memory can be supplemented by, or incorporated in,special purpose logic circuitry.

To provide for interaction with a user, implementations of the subjectmatter described in this specification can be implemented on a computerhaving a display device, for example, a cathode ray tube (CRT), liquidcrystal display (LCD), light emitting diode (LED), or plasma monitor,for displaying information to the user and a keyboard and a pointingdevice, for example, a mouse, trackball, or trackpad by which the usercan provide input to the computer. Input can also be provided to thecomputer using a touchscreen, such as a tablet computer surface withpressure sensitivity, a multi-touch screen using capacitive or electricsensing, or another type of touchscreen. Other types of devices can beused to interact with the user. For example, feedback provided to theuser can be any form of sensory feedback (such as, visual, auditory,tactile, or a combination of feedback types). Input from the user can bereceived in any form, including acoustic, speech, or tactile input. Inaddition, a computer can interact with the user by sending documents toand receiving documents from a client computing device that is used bythe user (for example, by sending web pages to a web browser on a user'smobile computing device in response to requests received from the webbrowser).

The term “graphical user interface,” or “GUI,” can be used in thesingular or the plural to describe one or more graphical user interfacesand each of the displays of a particular graphical user interface.Therefore, a GUI can represent any graphical user interface, includingbut not limited to, a web browser, a touch screen, or a command lineinterface (CLI) that processes information and efficiently presents theinformation results to the user. In general, a GUI can include a numberof user interface (UI) elements, some or all associated with a webbrowser, such as interactive fields, pull-down lists, and buttons. Theseand other UI elements can be related to or represent the functions ofthe web browser.

Implementations of the subject matter described in this specificationcan be implemented in a computing system that includes a back-endcomponent, for example, as a data server, or that includes a middlewarecomponent, for example, an application server, or that includes afront-end component, for example, a client computer having a graphicaluser interface or a Web browser through which a user can interact withan implementation of the subject matter described in this specification,or any combination of one or more such back-end, middleware, orfront-end components. The components of the system can be interconnectedby any form or medium of wireline or wireless digital data communication(or a combination of data communication), for example, a communicationnetwork. Examples of communication networks include a local area network(LAN), a radio access network (RAN), a metropolitan area network (MAN),a wide area network (WAN), Worldwide Interoperability for MicrowaveAccess (WIMAX), a wireless local area network (WLAN) using, for example,802.11 a/b/g/n or 802.20 (or a combination of 802.11x and 802.20 orother protocols consistent with the present disclosure), all or aportion of the Internet, another communication network, or a combinationof communication networks. The communication network can communicatewith, for example, Internet Protocol (IP) packets, frame relay frames,Asynchronous Transfer Mode (ATM) cells, voice, video, data, or otherinformation between network nodes.

The computing system can include clients and servers. A client andserver are generally remote from each other and typically interactthrough a communication network. The relationship of client and serverarises by virtue of computer programs running on the respectivecomputers and having a client-server relationship to each other.

While this specification contains many specific implementation details,these should not be construed as limitations on the scope of anyinventive concept or on the scope of what can be claimed, but rather asdescriptions of features that can be specific to particularimplementations of particular inventive concepts. Certain features thatare described in this specification in the context of separateimplementations can also be implemented, in combination, in a singleimplementation. Conversely, various features that are described in thecontext of a single implementation can also be implemented in multipleimplementations, separately, or in any sub-combination. Moreover,although previously described features can be described as acting incertain combinations and even initially claimed as such, one or morefeatures from a claimed combination can, in some cases, be excised fromthe combination, and the claimed combination can be directed to asub-combination or variation of a sub-combination.

Particular implementations of the subject matter have been described.Other implementations, alterations, and permutations of the describedimplementations are within the scope of the following claims as will beapparent to those skilled in the art. While operations are depicted inthe drawings or claims in a particular order, this should not beunderstood as requiring that such operations be performed in theparticular order shown or in sequential order, or that all illustratedoperations be performed (some operations can be considered optional), toachieve desirable results. In certain circumstances, multitasking orparallel processing (or a combination of multitasking and parallelprocessing) can be advantageous and performed as deemed appropriate.

Moreover, the separation or integration of various system modules andcomponents in the previously described implementations should not beunderstood as requiring such separation or integration in allimplementations, and it should be understood that the described programcomponents and systems can generally be integrated together in a singlesoftware product or packaged into multiple software products.

Accordingly, the previously described example implementations do notdefine or constrain the present disclosure. Other changes,substitutions, and alterations are also possible without departing fromthe spirit and scope of the present disclosure.

Furthermore, any claimed implementation is considered to be applicableto at least a computer-implemented method; a non-transitory,computer-readable medium storing computer-readable instructions toperform the computer-implemented method; and a computer systemcomprising a computer memory interoperably coupled with a hardwareprocessor configured to perform the computer-implemented method or theinstructions stored on the non-transitory, computer-readable medium.

What is claimed is:
 1. A computer-implemented method, comprising:writing, by a data exchange platform, a data exchange agreement betweena first user and a second user into a block chain, wherein the dataexchange agreement is associated with first data; receiving, by the dataexchange platform and from a first device associated with the firstuser, a first key, wherein the first key is used for decryptingencrypted first data; and transmitting, by the data exchange platformand to a second device associated with the second user, the receivedfirst key.
 2. The computer-implemented method of claim 1, wherein thedata exchange platform stores the data exchange agreement.
 3. Thecomputer-implemented method of claim 1, further comprising:transmitting, by the first device and to the second device, theencrypted first data without passing through the data exchange platform;and decrypting, by the second device, the encrypted first data based onthe first key to obtain the first data.
 4. The computer-implementedmethod of claim 1, before writing the data exchange agreement into theblock chain, the method further comprising: receiving, by the dataexchange platform and from the first device, data information associatedwith the first data; publishing, by the data exchange platform, the datainformation associated with the first data; receiving, by the dataexchange platform and from the second device, an order associated withthe first data; transmitting, by the data exchange platform and to thefirst device, the order associated with the first data; and receiving,by the data exchange platform and from the first device, confirmationinformation for the order associated with the first data, wherein boththe order and the confirmation information are associated with the dataexchange agreement.
 5. The computer-implemented method of claim 3, themethod further comprising: before transmitting the received first key,receiving, by the data exchange platform and from the second deviceassociated with the second user, a second key, wherein the second key isused for decrypting encrypted second data, and the second data isassociated with the data exchange agreement; and after transmitting thereceived first key, transmitting, by the data exchange platform and tothe first device associated with the first user, the received secondkey, wherein the first device decrypts the encrypted second data,received from the second device, based on the second key to obtain thesecond data.
 6. The computer-implemented method of claim 5, aftertransmitting the received first key and before transmitting the receivedsecond key, the method further comprising: receiving, by the dataexchange platform and from the second device associated with the seconduser, confirmation information for the first data, wherein theconfirmation information for the first data indicates that the seconduser determines that the obtained first data conforms to the dataexchange agreement.
 7. The computer-implemented method of claim 6, afterreceiving the confirmation information for the first data, the methodfurther comprising: receiving, by the data exchange platform and fromthe first device associated with the first user, confirmationinformation for the second data, wherein the confirmation informationfor the second data indicates that the first user determines that theobtained second data conforms to the data exchange agreement; writing,by the data exchange platform, a record indicating that data exchangebetween the first user and the second user is accomplished according tothe data exchange agreement in the block chain; and storing, by the dataexchange platform, the record.
 8. The computer-implemented method ofclaim 1, the method further comprising: before transmitting the receivedfirst key, receiving, by the data exchange platform and from the seconddevice associated with the second user, third data, wherein the thirddata is associated with the data exchange agreement; and aftertransmitting the received first key, transmitting, by the data exchangeplatform and to the first device associated with the first user, thereceived third data when a predetermined condition is satisfied.
 9. Thecomputer-implemented method of claim 8, wherein the predeterminedcondition includes that the data exchange platform receives aninstruction from the second device, wherein the instruction is aninstruction that instructs the data exchange platform to transmit thereceived third data to the first device.
 10. The computer-implementedmethod of claim 3, wherein the data exchange agreement includescharacteristic information of the first data, the method furthercomprising: acquiring, by the second device, the characteristicinformation of the first data, wherein the characteristic information ofthe first data includes at least one of a message digest for verifyingintegrity of the first data, and baseline information for summarizingspecific content of the first data; and determining, by the seconddevice, whether the obtained first data conforms to the data exchangeagreement based on the acquired characteristic information of the firstdata.
 11. The computer-implemented method of claim 3, wherein theencrypted first data is transmitted to the second device through astandard transmission interface of the first device, and the standardtransmission interface is a universal interface defined by the dataexchange platform and used for transmitting data between differentdevices.
 12. A non-transitory, computer-readable medium storing one ormore instructions executable by a computer system to perform operationscomprising: writing, by a data exchange platform, a data exchangeagreement between a first user and a second user into a block chain,wherein the data exchange agreement is associated with first data;receiving, by the data exchange platform and from a first deviceassociated with the first user, a first key, wherein the first key isused for decrypting encrypted first data; and transmitting, by the dataexchange platform and to a second device associated with the seconduser, the received first key.
 13. The non-transitory, computer-readablemedium of claim 12, wherein the data exchange platform stores the dataexchange agreement.
 14. The non-transitory, computer-readable medium ofclaim 12, the operations further comprising: transmitting, by the firstdevice and to the second device, the encrypted first data withoutpassing through the data exchange platform; and decrypting, by thesecond device, the encrypted first data based on the first key to obtainthe first data.
 15. The non-transitory, computer-readable medium ofclaim 12, before writing the data exchange agreement into the blockchain, the operations further comprising: receiving, by the dataexchange platform and from the first device, data information associatedwith the first data; publishing, by the data exchange platform, the datainformation associated with the first data; receiving, by the dataexchange platform and from the second device, an order associated withthe first data; transmitting, by the data exchange platform and to thefirst device, the order associated with the first data; and receiving,by the data exchange platform and from the first device, confirmationinformation for the order associated with the first data, wherein boththe order and the confirmation information are associated with the dataexchange agreement.
 16. The non-transitory, computer-readable medium ofclaim 14, the operations further comprising: before transmitting thereceived first key, receiving, by the data exchange platform and fromthe second device associated with the second user, a second key, whereinthe second key is used for decrypting encrypted second data, and thesecond data is associated with the data exchange agreement; and aftertransmitting the received first key, transmitting, by the data exchangeplatform and to the first device associated with the first user, thereceived second key, wherein the first device decrypts the encryptedsecond data, received from the second device, based on the second key toobtain the second data.
 17. A computer-implemented system, comprising:one or more computers; and one or more computer memory devicesinteroperably coupled with the one or more computers and havingtangible, non-transitory, machine-readable media storing one or moreinstructions that, when executed by the one or more computers, performone or more operations comprising: writing, by a data exchange platform,a data exchange agreement between a first user and a second user into ablock chain, wherein the data exchange agreement is associated withfirst data; receiving, by the data exchange platform and from a firstdevice associated with the first user, a first key, wherein the firstkey is used for decrypting encrypted first data; and transmitting, bythe data exchange platform and to a second device associated with thesecond user, the received first key.
 18. The computer-implemented systemof claim 17, wherein the data exchange platform stores the data exchangeagreement.
 19. The computer-implemented system of claim 17, theoperations further comprising: transmitting, by the first device and tothe second device, the encrypted first data without passing through thedata exchange platform; and decrypting, by the second device, theencrypted first data based on the first key to obtain the first data.20. The computer-implemented system of claim 17, before writing the dataexchange agreement into the block chain, the operations furthercomprising: receiving, by the data exchange platform and from the firstdevice, data information associated with the first data; publishing, bythe data exchange platform, the data information associated with thefirst data; receiving, by the data exchange platform and from the seconddevice, an order associated with the first data; transmitting, by thedata exchange platform and to the first device, the order associatedwith the first data; and receiving, by the data exchange platform andfrom the first device, confirmation information for the order associatedwith the first data, wherein both the order and the confirmationinformation are associated with the data exchange agreement.